Opened 11 years ago

Last modified 9 years ago

#1193 new defect

MPlayer [Crash] and Valgrind reports Invalid Read within /lib/ld-2.3.6.so

Reported by: nstockma@…
Owned by: reimar
Priority: normal
Component: vd
Version: HEAD
Severity: normal
Keywords:
Cc: catchconv-bugreports@…
Blocked By:
Blocking:
Reproduced by developer:
Analyzed by developer:

Description

I am unsure how to categorize this bug, as it appears that it may be in the X11 windowing library. However, I thought it would be worth reporting since it causes MPlayer to crash.

Here's a .mqv file where Valgrind reports an Invalid Read of size 4 and MPlayer crashes. The mqv file (109-nosound_lavf_works.mqv) can be found inside the .tgz archive at the URL above. The bug is easily reproducible.

I confirmed that this bug is reproducible on Linux OS, Debian x32 with the following subversion of MPlayer: dev-SVN-r27289-4.1.2

I used a 32-bit Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz.

To reproduce:
wget http://www.metafuzz.com/testcases/178672-109-3374317095-InvalidWrite.tgz
tar xzfv 178672-109-3374317095-InvalidWrite.tgz
valgrind mplayer 109-nosound_lavf_works.mqv

Here is the output from Valgrind and Mplayer on my machine:

==15802== Memcheck, a memory error detector.
==15802== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==15802== Using LibVEX rev 1854, a library for dynamic binary translation.
==15802== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==15802== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==15802== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==15802== For more details, rerun with: -v
==15802==
MPlayer dev-SVN-r27289-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz (Family: 6, Model: 15, Stepping: 6)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2

Playing 109-nosound_lavf_works.mqv.
libavformat file format detected.
[mpeg4 @ 0x4416ac0]hmm, seems the headers are not complete, trying to guess time_increment_bits
[mpeg4 @ 0x4416ac0]my guess is 1 bits ;)
[mpeg4 @ 0x4416ac0]hmm, seems the headers are not complete, trying to guess time_increment_bits
[mpeg4 @ 0x4416ac0]my guess is 6 bits ;)
[mpeg4 @ 0x4416ac0]hmm, seems the headers are not complete, trying to guess time_increment_bits
[mpeg4 @ 0x4416ac0]my guess is 2 bits ;)
[lavf] Video stream found, -vid 0
VIDEO: [FMP4] 160x112 0bpp 25.000 fps 0.0 kbps ( 0.0 kbyte/s)
==========================================================================
Opening video decoder: [ffmpeg] FFmpeg's libavcodec codec family
Selected video codec: [ffodivx] vfm: ffmpeg (FFmpeg MPEG-4)
==========================================================================
Audio: no sound
Starting playback...
VDec: vo config request - 160 x 112 (preferred colorspace: Planar YV12)
VDec: using Planar YV12 as output csp (no 0)
Movie-Aspect is 1.43:1 - prescaling to correct movie aspect.
VO: [x11] 160x112 => 160x112 Planar YV12

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
==15802== Invalid read of size 4
==15802== Stack hash: 2608987646
==15802== at 0x4010E00: (within /lib/ld-2.3.6.so)
==15802== by 0x4004B78: (within /lib/ld-2.3.6.so)
==15802== by 0x4006792: (within /lib/ld-2.3.6.so)
==15802== by 0x427646F: (within /lib/tls/i686/cmov/libc-2.3.6.so)
==15802== by 0x400B44E: (within /lib/ld-2.3.6.so)
==15802== by 0x4275EDE: _dl_open (in /lib/tls/i686/cmov/libc-2.3.6.so)
==15802== by 0x414DD8D: (within /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== by 0x400B44E: (within /lib/ld-2.3.6.so)
==15802== by 0x414E42C: (within /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== by 0x414DD20: dlopen (in /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== by 0x4049448: (within /usr/lib/libX11.so.6.2.0)
==15802== by 0x4049756: _XNoticeCreateBitmap (in /usr/lib/libX11.so.6.2.0)
==15802== Address 0x4497678 is 24 bytes inside a block of size 25 alloc'd
==15802== Stack hash: 701839604
==15802== at 0x401D898: malloc (vg_replace_malloc.c:207)
==15802== by 0x4004839: (within /lib/ld-2.3.6.so)
==15802== by 0x40068D3: (within /lib/ld-2.3.6.so)
==15802== by 0x427646F: (within /lib/tls/i686/cmov/libc-2.3.6.so)
==15802== by 0x400B44E: (within /lib/ld-2.3.6.so)
==15802== by 0x4275EDE: _dl_open (in /lib/tls/i686/cmov/libc-2.3.6.so)
==15802== by 0x414DD8D: (within /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== by 0x400B44E: (within /lib/ld-2.3.6.so)
==15802== by 0x414E42C: (within /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== by 0x414DD20: dlopen (in /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== by 0x4049448: (within /usr/lib/libX11.so.6.2.0)
==15802== by 0x4049756: _XNoticeCreateBitmap (in /usr/lib/libX11.so.6.2.0)
==15802==
==15802== Invalid read of size 4
==15802== Stack hash: 801049415
==15802== at 0x4010E00: (within /lib/ld-2.3.6.so)
==15802== by 0x4004B78: (within /lib/ld-2.3.6.so)
==15802== by 0x4006792: (within /lib/ld-2.3.6.so)
==15802== by 0x400A1F6: (within /lib/ld-2.3.6.so)
==15802== by 0x400B44E: (within /lib/ld-2.3.6.so)
==15802== by 0x400A3CA: (within /lib/ld-2.3.6.so)
==15802== by 0x42764D4: (within /lib/tls/i686/cmov/libc-2.3.6.so)
==15802== by 0x400B44E: (within /lib/ld-2.3.6.so)
==15802== by 0x4275EDE: _dl_open (in /lib/tls/i686/cmov/libc-2.3.6.so)
==15802== by 0x414DD8D: (within /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== by 0x400B44E: (within /lib/ld-2.3.6.so)
==15802== by 0x414E42C: (within /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== Address 0x44979a8 is 24 bytes inside a block of size 25 alloc'd
==15802== Stack hash: 3188868669
==15802== at 0x401D898: malloc (vg_replace_malloc.c:207)
==15802== by 0x4004839: (within /lib/ld-2.3.6.so)
==15802== by 0x40068D3: (within /lib/ld-2.3.6.so)
==15802== by 0x400A1F6: (within /lib/ld-2.3.6.so)
==15802== by 0x400B44E: (within /lib/ld-2.3.6.so)
==15802== by 0x400A3CA: (within /lib/ld-2.3.6.so)
==15802== by 0x42764D4: (within /lib/tls/i686/cmov/libc-2.3.6.so)
==15802== by 0x400B44E: (within /lib/ld-2.3.6.so)
==15802== by 0x4275EDE: _dl_open (in /lib/tls/i686/cmov/libc-2.3.6.so)
==15802== by 0x414DD8D: (within /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== by 0x400B44E: (within /lib/ld-2.3.6.so)
==15802== by 0x414E42C: (within /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802==
==15802== Conditional jump or move depends on uninitialised value(s)
==15802== Stack hash: 2746048421
==15802== at 0x4008ED5: (within /lib/ld-2.3.6.so)
==15802== by 0x42768C4: (within /lib/tls/i686/cmov/libc-2.3.6.so)
==15802== by 0x400B44E: (within /lib/ld-2.3.6.so)
==15802== by 0x4275EDE: _dl_open (in /lib/tls/i686/cmov/libc-2.3.6.so)
==15802== by 0x414DD8D: (within /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== by 0x400B44E: (within /lib/ld-2.3.6.so)
==15802== by 0x414E42C: (within /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== by 0x414DD20: dlopen (in /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== by 0x4049448: (within /usr/lib/libX11.so.6.2.0)
==15802== by 0x4049756: _XNoticeCreateBitmap (in /usr/lib/libX11.so.6.2.0)
==15802== by 0x4049B3C: XCreatePixmap (in /usr/lib/libX11.so.6.2.0)
==15802== by 0x40489BF: XCreateBitmapFromData (in /usr/lib/libX11.so.6.2.0)
==15802==
==15802== Conditional jump or move depends on uninitialised value(s)
==15802== Stack hash: 514968026
==15802== at 0x4008B2E: (within /lib/ld-2.3.6.so)
==15802== by 0x42768C4: (within /lib/tls/i686/cmov/libc-2.3.6.so)
==15802== by 0x400B44E: (within /lib/ld-2.3.6.so)
==15802== by 0x4275EDE: _dl_open (in /lib/tls/i686/cmov/libc-2.3.6.so)
==15802== by 0x414DD8D: (within /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== by 0x400B44E: (within /lib/ld-2.3.6.so)
==15802== by 0x414E42C: (within /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== by 0x414DD20: dlopen (in /lib/tls/i686/cmov/libdl-2.3.6.so)
==15802== by 0x4049448: (within /usr/lib/libX11.so.6.2.0)
==15802== by 0x4049756: _XNoticeCreateBitmap (in /usr/lib/libX11.so.6.2.0)
==15802== by 0x4049B3C: XCreatePixmap (in /usr/lib/libX11.so.6.2.0)
==15802== by 0x40489BF: XCreateBitmapFromData (in /usr/lib/libX11.so.6.2.0)
==15802==
==15802== Syscall param write(buf) points to uninitialised byte(s)
==15802== Stack hash: 3987015707
==15802== at 0x4000792: (within /lib/ld-2.3.6.so)
==15802== by 0x406A29E: _X11TransWrite (in /usr/lib/libX11.so.6.2.0)
==15802== by 0x406FBD5: (within /usr/lib/libX11.so.6.2.0)
==15802== by 0x4070812: _XReadEvents (in /usr/lib/libX11.so.6.2.0)
==15802== by 0x405A0C9: XNextEvent (in /usr/lib/libX11.so.6.2.0)
==15802== by 0x80904B0: vo_x11_create_vo_window (x11_common.c:1321)
==15802== by 0x8091467: config (vo_x11.c:441)
==15802== by 0x808ABC7: config_video_out (video_out.c:320)
==15802== by 0x811A63D: config (vf_vo.c:65)
==15802== by 0x80EE677: vf_config_wrapper (vf.c:617)
==15802== by 0x80EC9E3: mpcodecs_config_vo (vd.c:309)
==15802== by 0x81A0A62: init_vo (vd_ffmpeg.c:543)
==15802== Address 0x4478f34 is 284 bytes inside a block of size 16,384 alloc'd
==15802== Stack hash: 3820558458
==15802== at 0x401C9BE: calloc (vg_replace_malloc.c:397)
==15802== by 0x405ACBD: XOpenDisplay (in /usr/lib/libX11.so.6.2.0)
==15802== by 0x808EC2E: vo_init (x11_common.c:441)
==15802== by 0x80916BA: preinit (vo_x11.c:746)
==15802== by 0x808AE2D: init_best_video_out (video_out.c:295)
==15802== by 0x8077D2D: reinit_video_chain (mplayer.c:2151)
==15802== by 0x8079905: main (mplayer.c:3537)
[swscaler @ 0x8646ea0]using unscaled yuv420p -> rgb32 special converter
[mpeg4 @ 0x865e090]I cbpc damaged at 9 3
[mpeg4 @ 0x865e090]Error at MB: 42
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 3 2
[mpeg4 @ 0x865e090]Error at MB: 25
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.0 0/ 0 ??% ??% ??,?% 0 0 M[mpeg4 @ 0x865e090]1. marker bit missing in 3. esc
[mpeg4 @ 0x865e090]Error at MB: 13
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.0 0/ 0 ??% ??% ??,?% 0 0
M[mpeg4 @ 0x865e090]illegal dc vlc
[mpeg4 @ 0x865e090]Error at MB: 44
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.1 0/ 0 ??% ??% ??,?% 0 0 M[mpeg4 @ 0x865e090]Error at MB: 41
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.1 0/ 0 ??% ??% ??,?% 0 0
MV: 0.2 0/ 0 ??% ??% ??,?% 0 0 M[mpeg4 @ 0x865e090]ac-tex damaged at 6 3
[mpeg4 @ 0x865e090]Error at MB: 39
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.2 0/ 0 ??% ??% ??,?% 0 0
M[mpeg4 @ 0x865e090]ac-tex damaged at 0 5
[mpeg4 @ 0x865e090]Error at MB: 55
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.2 0/ 0 ??% ??% ??,?% 0 0 MV: 0.3 0/ 0 ??% ??% ??,?% 0 0
M[mpeg4 @ 0x865e090]ac-tex damaged at 3 6
[mpeg4 @ 0x865e090]Error at MB: 69
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.3 0/ 0 ??% ??% ??,?% 0 0 MV: 0.4 0/ 0 ??% ??% ??,?% 0 0
M[mpeg4 @ 0x865e090]ac-tex damaged at 6 1
[mpeg4 @ 0x865e090]Error at MB: 17
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.4 0/ 0 ??% ??% ??,?% 0 0 M[mpeg4 @ 0x865e090]I cbpy damaged at 7 3
[mpeg4 @ 0x865e090]Error at MB: 40
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.4 0/ 0 ??% ??% ??,?% 0 0
M[mpeg4 @ 0x865e090]illegal dc vlc
[mpeg4 @ 0x865e090]Error at MB: 2
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.5 0/ 0 ??% ??% ??,?% 0 0 M[mpeg4 @ 0x865e090]ac-tex damaged at 5 4
[mpeg4 @ 0x865e090]Error at MB: 49
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.5 0/ 0 307% 3% 0.0% 0 0
M[mpeg4 @ 0x865e090]1. marker bit missing in 3. esc
[mpeg4 @ 0x865e090]Error at MB: 22
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.6 0/ 0 287% 3% 0.0% 0 0 M[mpeg4 @ 0x865e090]dc marker bit missing
[mpeg4 @ 0x865e090]Error at MB: 53
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.6 0/ 0 270% 3% 0.0% 0 0
M[mpeg4 @ 0x865e090]ac-tex damaged at 3 6
[mpeg4 @ 0x865e090]Error at MB: 69
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.6 0/ 0 255% 3% 0.0% 0 0 MV: 0.7 0/ 0 241% 3% 0.0% 0 0
MV: 0.7 0/ 0 229% 2% 0.0% 0 0 M[mpeg4 @ 0x865e090]ac-tex damaged at 2 5
[mpeg4 @ 0x865e090]Error at MB: 57
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.8 0/ 0 219% 2% 0.0% 0 0
M[mpeg4 @ 0x865e090]ac-tex damaged at 6 4
[mpeg4 @ 0x865e090]Error at MB: 50
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.8 0/ 0 209% 2% 0.0% 0 0 M[mpeg4 @ 0x865e090]Error at MB: 29
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.8 0/ 0 200% 2% 0.0% 0 0
MV: 0.9 0/ 0 198% 2% 0.0% 0 0 M[mpeg4 @ 0x865e090]ac-tex damaged at 4 3
[mpeg4 @ 0x865e090]Error at MB: 37
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 0.9 0/ 0 191% 2% 0.0% 0 0
M[mpeg4 @ 0x865e090]ac-tex damaged at 4 2
[mpeg4 @ 0x865e090]Error at MB: 26
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 1.0 0/ 0 185% 2% 0.0% 0 0 M[mpeg4 @ 0x865e090]ac-tex damaged at 5 4
[mpeg4 @ 0x865e090]Error at MB: 49
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 1.0 0/ 0 180% 2% 0.0% 0 0
MV: 1.0 0/ 0 175% 2% 0.0% 0 0 M[mpeg4 @ 0x865e090]I cbpy damaged at 6 2
[mpeg4 @ 0x865e090]Error at MB: 28
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 1.1 0/ 0 169% 2% 0.0% 0 0
MV: 1.1 0/ 0 164% 2% 0.0% 0 0 M[mpeg4 @ 0x865e090]1. marker bit missing in 3. esc
[mpeg4 @ 0x865e090]Error at MB: 35
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 1.2 0/ 0 160% 2% 0.0% 0 0
M[mpeg4 @ 0x865e090]ac-tex damaged at 9 4
[mpeg4 @ 0x865e090]Error at MB: 53
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 1.2 0/ 0 155% 2% 0.0% 0 0 M[mpeg4 @ 0x865e090]1. marker bit missing in 3. esc
[mpeg4 @ 0x865e090]Error at MB: 28
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 1.2 0/ 0 151% 2% 0.0% 0 0
M[mpeg4 @ 0x865e090]ac-tex damaged at 3 5
[mpeg4 @ 0x865e090]Error at MB: 58
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 1.3 0/ 0 147% 2% 0.0% 0 0 MV: 1.3 0/ 0 143% 2% 0.0% 0 0
M[mpeg4 @ 0x865e090]1. marker bit missing in 3. esc
[mpeg4 @ 0x865e090]Error at MB: 48
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 1.4 0/ 0 140% 2% 0.0% 0 0 M[mpeg4 @ 0x865e090]1. marker bit missing in 3. esc
[mpeg4 @ 0x865e090]Error at MB: 61
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
V: 1.4 0/ 0 137% 2% 0.0% 0 0
MV: 1.4 0/ 0 134% 2% 0.0% 0 0 MVDec: vo config request - 4256 x 112 (preferred colorspace: Planar YV12)
VDec: using Planar YV12 as output csp (no 0)
Movie-Aspect is 1.43:1 - prescaling to correct movie aspect.
VO: [x11] 4256x112 => 4256x2980 Planar YV12
[ASPECT] Warning: No suitable new res found!
swScaler: Compile time max width is 2048 change VOF/VOFW and recompile
FATAL: Cannot initialize video driver.
[mpeg4 @ 0x865e090]I cbpy damaged at 8 0
[mpeg4 @ 0x865e090]Error at MB: 8
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 76 0
[mpeg4 @ 0x865e090]Error at MB: 76
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 62 0
[mpeg4 @ 0x865e090]Error at MB: 62
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 14 0
[mpeg4 @ 0x865e090]Error at MB: 14
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 74 0
[mpeg4 @ 0x865e090]Error at MB: 74
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 45 0
[mpeg4 @ 0x865e090]Error at MB: 45
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]I cbpy damaged at 56 0
[mpeg4 @ 0x865e090]Error at MB: 56
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]hmm, seems the headers are not complete, trying to guess time_increment_bits
[mpeg4 @ 0x865e090]my guess is 1 bits ;)
[mpeg4 @ 0x865e090]ac-tex damaged at 25 0
[mpeg4 @ 0x865e090]Error at MB: 25
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]hmm, seems the headers are not complete, trying to guess time_increment_bits
[mpeg4 @ 0x865e090]my guess is 6 bits ;)
[mpeg4 @ 0x865e090]hmm, seems the headers are not complete, trying to guess time_increment_bits
[mpeg4 @ 0x865e090]my guess is 2 bits ;)
[mpeg4 @ 0x865e090]ac-tex damaged at 12 0
[mpeg4 @ 0x865e090]Error at MB: 12
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 44 0
[mpeg4 @ 0x865e090]Error at MB: 44
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]warning: first frame is no keyframe
==15802==
==15802== Invalid read of size 4
==15802== Stack hash: 203206338
==15802== at 0x82548AD: sws_scale (swscale.c:2484)
==15802== by 0x8090CC5: draw_slice (vo_x11.c:631)
==15802== by 0x81A16D3: draw_slice (vd_ffmpeg.c:477)
==15802== by 0x834424F: ff_draw_horiz_band (mpegvideo.c:2017)
==15802== by 0x841926A: decode_slice (h263dec.c:248)
==15802== by 0x841A2D0: ff_h263_decode_frame (h263dec.c:636)
==15802== by 0x82F494F: avcodec_decode_video (utils.c:897)
==15802== by 0x81A0CC9: decode (vd_ffmpeg.c:781)
==15802== by 0x80E32DA: decode_video (dec_video.c:369)
==15802== by 0x8079F66: main (mplayer.c:1761)
==15802== Address 0x60 is not stack'd, malloc'd or (recently) free'd

MPlayer interrupted by signal 11 in module: decode video

  • MPlayer crashed by bad usage of CPU/FPU/RAM. Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
  • MPlayer crashed. This shouldn't happen. It can be a bug in the MPlayer code _or_ in your drivers _or_ in your gcc version. If you think it's MPlayer's fault, please read DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and won't help unless you provide this information when reporting a possible bug.

==15802==
==15802== ERROR SUMMARY: 10 errors from 6 contexts (suppressed: 27 from 1)
==15802== malloc/free: in use at exit: 448,633 bytes in 2,814 blocks.
==15802== malloc/free: 3,770 allocs, 956 frees, 5,401,684 bytes allocated.
==15802== For counts of detected errors, rerun with: -v
==15802== searching for pointers to 2,814 not-freed blocks.
==15802== checked 3,355,740 bytes.
==15802==
==15802== LEAK SUMMARY:
==15802== definitely lost: 0 bytes in 0 blocks.
==15802== possibly lost: 0 bytes in 0 blocks.
==15802== still reachable: 448,633 bytes in 2,814 blocks.
==15802== suppressed: 0 bytes in 0 blocks.
==15802== Rerun with --leak-check=full to see details of leaked memory.

Here is a backtrace using gdb:

(gdb) run -v 109-nosound_lavf_works.mqv
Starting program: /usr/local/bin/mplayer -v 109-nosound_lavf_works.mqv
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
[New Thread -1211389728 (LWP 17301)]
MPlayer dev-SVN-r27289-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz (Family: 6, Model: 15, Stepping: 13)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2
get_path('codecs.conf') -> '/home/user/.mplayer/codecs.conf'
Reading /home/user/.mplayer/codecs.conf: Can't open '/home/user/.mplayer/codecs.conf': No such file or directory
Reading /usr/local/etc/mplayer/codecs.conf: Can't open '/usr/local/etc/mplayer/codecs.conf': No such file or directory
Using built-in default codecs.conf.
Configuration: --enable-debug=3
CommandLine: '-v' '109-nosound_lavf_works.mqv'
get_path('font/font.desc') -> '/home/user/.mplayer/font/font.desc'
font: can't open file: /home/user/.mplayer/font/font.desc
font: can't open file: /usr/local/share/mplayer/font/font.desc
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
Using nanosleep() timing
get_path('input.conf') -> '/home/user/.mplayer/input.conf'
Can't open input config file /home/user/.mplayer/input.conf: No such file or directory
Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or directory
Falling back on default (hardcoded) input config
get_path('109-nosound_lavf_works.mqv.conf') -> '/home/user/.mplayer/109-nosound_lavf_works.mqv.conf'

Playing 109-nosound_lavf_works.mqv.
get_path('sub/') -> '/home/user/.mplayer/sub/'
[file] File size is 383577 bytes
STREAM: [file] 109-nosound_lavf_works.mqv
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
LAVF_check: raw MPEG-4 video format
Checking for YUV4MPEG2
ASF_check: not ASF guid!
Checking for NuppelVideo
Checking for REAL
Checking for SMJPEG
Searching demuxer type for filename 109-nosound_lavf_works.mqv ext: .mqv
Checking for Nullsoft Streaming Video
Checking for MOV
Checking for VIVO
header block 1 size: 0
AVS: avs_check_file - attempting to open file 109-nosound_lavf_works.mqv
AVS: File is too big, aborting...
Checking for PVA
Checking for MPEG-TS...
TRIED UP TO POSITION 68276, FOUND 47, packet_size= 0, SEEMS A TS? 0
Checking for LMLM4 Stream Format
Invalid packet in LMLM4 stream: ch=0 size=1718909290
LMLM4 Stream Format not found
MPEG Stream reached EOF
ds_fill_buffer: EOF reached (stream: video)
MPEG packet stats: p100: 59 p101: 0 p1B6: 308 p12x: 27 sli: 1 a: 0 b: 0 c: 0 idr: 0 sps: 0 pps: 1 PES: 23 MP3: 103, synced: 0
Not MPEG System Stream format... (maybe Transport Stream?)
stream_seek: WARNING! Can't seek to 0x0 !
MPEG Stream reached EOF
ds_fill_buffer: EOF reached (stream: video)
MPEG packet stats: p100: 58 p101: 0 p1B6: 308 p12x: 27 sli: 1 a: 0 b: 0 c: 0 idr: 0 sps: 0 pps: 1 PES: 23 MP3: 103, synced: 0
Not MPEG System Stream format... (maybe Transport Stream?)
stream_seek: WARNING! Can't seek to 0x0 !
==> Found video stream: 0
ds_fill_buffer: EOF reached (stream: video)
LAVF_check: raw MPEG-4 video format
libavformat file format detected.
[mpeg4 @ 0x89c6760]hmm, seems the headers are not complete, trying to guess time_increment_bits
[mpeg4 @ 0x89c6760]my guess is 1 bits ;)
[mpeg4 @ 0x89c6760]hmm, seems the headers are not complete, trying to guess time_increment_bits
[mpeg4 @ 0x89c6760]my guess is 6 bits ;)
[mpeg4 @ 0x89c6760]hmm, seems the headers are not complete, trying to guess time_increment_bits
[mpeg4 @ 0x89c6760]my guess is 2 bits ;)
==> Found video stream: 0
[lavf] Video stream found, -vid 0
======= VIDEO Format ======

biSize 122
biWidth 160
biHeight 112
biPlanes 0
biBitCount 0
biCompression 877677894='FMP4'
biSizeImage 0

Unknown extra header dump: [0] [0] [0] [18] [66] [74] [79] [72] [6d] [71] [74] [20] [1] [0] [0] [3] [6d] [71] [74] [20] [71] [74] [20] [20] [0] [0] [0] [20] [70] [72] [66] [6c] [0] [0] [0] [20] [0] [0] [0] [1] [0] [0] [20] [0] [6d] [71] [74] [20] [70] [72] [69] [64] [23] [a5] [54] [52] [0] [5] [c5] [46] [6d] [64] [61] [74] [0] [0] [1] [0] [0] [0] [1] [20] [0] [84] [5d] [4c] [28] [28] [20] [70] [a3] [1f]
===========================
LAVF: 0 audio and 1 video streams found
LAVF: build 3412224
VIDEO: [FMP4] 160x112 0bpp 25.000 fps 0.0 kbps ( 0.0 kbyte/s)
[V] filefmt:35 fourcc:0x34504D46 size:160x112 fps:25.000 ftime:=0.0400
get_path('sub/') -> '/home/user/.mplayer/sub/'
X11 opening display: :0.0
vo: X11 color mask: FFFFFF (R:FF0000 G:FF00 B:FF)
vo: X11 running at 1440x900 with depth 24 and 32 bpp (":0.0" => local display)
[x11] Detected wm supports NetWM.
[x11] Detected wm supports FULLSCREEN state.
[x11] Detected wm supports ABOVE state.
[x11] Detected wm supports BELOW state.
[x11] Current fstype setting honours FULLSCREEN ABOVE BELOW X atoms
==========================================================================
Opening video decoder: [ffmpeg] FFmpeg's libavcodec codec family
INFO: libavcodec init OK!
Selected video codec: [ffodivx] vfm: ffmpeg (FFmpeg MPEG-4)
==========================================================================
Audio: no sound
Freeing 0 unused audio chunks.
Starting playback...
[ffmpeg] aspect_ratio: 1.428571
VDec: vo config request - 160 x 112 (preferred colorspace: Planar YV12)
Trying filter chain: vo
VDec: using Planar YV12 as output csp (no 0)
Movie-Aspect is 1.43:1 - prescaling to correct movie aspect.
VO Config (160x112->160x112,flags=0,'MPlayer',0x32315659)
VO: [x11] 160x112 => 160x112 Planar YV12
VO: Description: X11 ( XImage/Shm )
VO: Author: Aaron Holtzman <aholtzma@…>
Sharing memory.
[swscaler @ 0x8646ea0]using unscaled yuv420p -> rgb32 special converter
* [vo] Allocating (slices) mp_image_t, 160x112x12bpp YUV planar, 26880 bytes
[mpeg4 @ 0x865e090]I cbpc damaged at 9 3
[mpeg4 @ 0x865e090]Error at MB: 42
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
* [vo] Allocating (slices) mp_image_t, 160x112x12bpp YUV planar, 26880 bytes
[mpeg4 @ 0x865e090]ac-tex damaged at 3 2
[mpeg4 @ 0x865e090]Error at MB: 25
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]1. marker bit missing in 3. esc
[mpeg4 @ 0x865e090]Error at MB: 13
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]illegal dc vlc0
[mpeg4 @ 0x865e090]Error at MB: 44
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]Error at MB: 41
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 6 3
[mpeg4 @ 0x865e090]Error at MB: 39
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 0 5
[mpeg4 @ 0x865e090]Error at MB: 55
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 3 6
[mpeg4 @ 0x865e090]Error at MB: 69
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 6 1
[mpeg4 @ 0x865e090]Error at MB: 17
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]I cbpy damaged at 7 3
[mpeg4 @ 0x865e090]Error at MB: 40
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]illegal dc vlc0
[mpeg4 @ 0x865e090]Error at MB: 2
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 5 4
[mpeg4 @ 0x865e090]Error at MB: 49
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]1. marker bit missing in 3. esc
[mpeg4 @ 0x865e090]Error at MB: 22
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]dc marker bit missing
[mpeg4 @ 0x865e090]Error at MB: 53
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 3 6
[mpeg4 @ 0x865e090]Error at MB: 69
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 2 5
[mpeg4 @ 0x865e090]Error at MB: 57
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 6 4
[mpeg4 @ 0x865e090]Error at MB: 50
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]Error at MB: 29
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 4 3
[mpeg4 @ 0x865e090]Error at MB: 37
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 4 2
[mpeg4 @ 0x865e090]Error at MB: 26
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 5 4
[mpeg4 @ 0x865e090]Error at MB: 49
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]I cbpy damaged at 6 2
[mpeg4 @ 0x865e090]Error at MB: 28
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]1. marker bit missing in 3. esc
[mpeg4 @ 0x865e090]Error at MB: 35
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 9 4
[mpeg4 @ 0x865e090]Error at MB: 53
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]1. marker bit missing in 3. esc
[mpeg4 @ 0x865e090]Error at MB: 28
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 3 5
[mpeg4 @ 0x865e090]Error at MB: 58
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]1. marker bit missing in 3. esc
[mpeg4 @ 0x865e090]Error at MB: 48
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[mpeg4 @ 0x865e090]1. marker bit missing in 3. esc
[mpeg4 @ 0x865e090]Error at MB: 61
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]concealing 70 DC, 70 AC, 70 MV errors
[ffmpeg] aspect_ratio: 38.000000 0
VDec: vo config request - 4256 x 112 (preferred colorspace: Planar YV12)
Trying filter chain: vo
VDec: using Planar YV12 as output csp (no 0)
Movie-Aspect is 1.43:1 - prescaling to correct movie aspect.
VO Config (4256x112->4256x2980,flags=0,'MPlayer',0x32315659)
VO: [x11] 4256x112 => 4256x2980 Planar YV12
VO: Description: X11 ( XImage/Shm )
VO: Author: Aaron Holtzman <aholtzma@…>
[ASPECT] Warning: No suitable new res found!
swScaler: Compile time max width is 2048 change VOF/VOFW and recompile
FATAL: Cannot initialize video driver.
[mpeg4 @ 0x865e090]I cbpy damaged at 8 0
[mpeg4 @ 0x865e090]Error at MB: 8
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 76 0
[mpeg4 @ 0x865e090]Error at MB: 76
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
* [vo] Exporting mp_image_t, 4256x112x12bpp YUV planar, 715008 bytes
[mpeg4 @ 0x865e090]ac-tex damaged at 62 0
[mpeg4 @ 0x865e090]Error at MB: 62
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 14 0
[mpeg4 @ 0x865e090]Error at MB: 14
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 74 0
[mpeg4 @ 0x865e090]Error at MB: 74
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 45 0
[mpeg4 @ 0x865e090]Error at MB: 45
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]I cbpy damaged at 56 0
[mpeg4 @ 0x865e090]Error at MB: 56
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]hmm, seems the headers are not complete, trying to guess time_increment_bits
[mpeg4 @ 0x865e090]my guess is 1 bits ;)
[mpeg4 @ 0x865e090]ac-tex damaged at 25 0
[mpeg4 @ 0x865e090]Error at MB: 25
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]hmm, seems the headers are not complete, trying to guess time_increment_bits
[mpeg4 @ 0x865e090]my guess is 6 bits ;)
[mpeg4 @ 0x865e090]hmm, seems the headers are not complete, trying to guess time_increment_bits
[mpeg4 @ 0x865e090]my guess is 2 bits ;)
[mpeg4 @ 0x865e090]ac-tex damaged at 12 0
[mpeg4 @ 0x865e090]Error at MB: 12
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]ac-tex damaged at 44 0
[mpeg4 @ 0x865e090]Error at MB: 44
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]marker does not match f_code
[mpeg4 @ 0x865e090]concealing 1862 DC, 1862 AC, 1862 MV errors
[mpeg4 @ 0x865e090]warning: first frame is no keyframe

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1211389728 (LWP 17301)]
0x082548ad in sws_scale (c=0x0, src=0xbfc626e0, srcStride=0x89d1160, srcSliceY=0, srcSliceH=16, dst=0xbfc62680, dstStride=0xbfc62674) at swscale.c:2484
2484 if (c->sliceDir == 0 && srcSliceY != 0 && srcSliceY + srcSliceH != c->srcH) {
(gdb) bt
#0 0x082548ad in sws_scale (c=0x0, src=0xbfc626e0, srcStride=0x89d1160, srcSliceY=0, srcSliceH=16, dst=0xbfc62680, dstStride=0xbfc62674) at swscale.c:2484
#1 0x08090cc6 in draw_slice (src=0xbfc626e0, stride=0x89d1160, w=4256, h=16, x=0, y=0) at libvo/vo_x11.c:631
#2 0x081a16d4 in draw_slice (s=0x89e6ab0, src=0x89d1150, offset=0xbfc6272c, y=0, type=3, height=16) at libmpcodecs/vd_ffmpeg.c:477
#3 0x08344250 in ff_draw_horiz_band (s=0x89cab10, y=0, h=16) at mpegvideo.c:2017
#4 0x0841926b in decode_slice (s=0x89cab10) at h263dec.c:248
#5 0x0841a2d1 in ff_h263_decode_frame (avctx=0x89e6ab0, data=0x89e69c0, data_size=0xbfc628b4, buf=0x8ae4cc0 "", buf_size=5246) at h263dec.c:636
#6 0x082f4950 in avcodec_decode_video (avctx=0x89e6ab0, picture=0x89e69c0, got_picture_ptr=0xbfc628b4, buf=0x8ae4cc0 "", buf_size=5246) at utils.c:897
#7 0x081a0cca in decode (sh=0x89e5bc0, data=0x8ae4cc0, len=5246, flags=0) at libmpcodecs/vd_ffmpeg.c:781
#8 0x080e32db in decode_video (sh_video=0x89e5bc0, start=0x8ae4cc0 "", in_size=5246, drop_frame=0, pts=2.0800000000000001) at libmpcodecs/dec_video.c:369
#9 0x08079f67 in main (argc=3, argv=0xbfc63b74) at mplayer.c:1761
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x825488d to 0x82548cd:
0x0825488d <sws_scale+13>: push %ebp
0x0825488e <sws_scale+14>: or $0xc7,%al
0x08254890 <sws_scale+16>: inc %ebp
0x08254891 <sws_scale+17>: lock add %al,(%eax)
0x08254894 <sws_scale+20>: add %al,(%eax)
0x08254896 <sws_scale+22>: mov (%edx),%eax
0x08254898 <sws_scale+24>: lea 0x4(%edx),%ecx
0x0825489b <sws_scale+27>: mov %eax,0xffffffe4(%ebp)
0x0825489e <sws_scale+30>: mov 0x4(%edx),%eax
0x082548a1 <sws_scale+33>: mov %eax,0xffffffe8(%ebp)
0x082548a4 <sws_scale+36>: mov 0x8(%edx),%eax
0x082548a7 <sws_scale+39>: mov %eax,0xffffffec(%ebp)
0x082548aa <sws_scale+42>: mov 0x8(%ebp),%eax
0x082548ad <sws_scale+45>: mov 0x60(%eax),%edi
0x082548b0 <sws_scale+48>: test %edi,%edi
0x082548b2 <sws_scale+50>: sete %dl
0x082548b5 <sws_scale+53>: test %dl,%dl
0x082548b7 <sws_scale+55>: je 0x82548d8 <sws_scale+88>
0x082548b9 <sws_scale+57>: mov 0x14(%ebp),%esi
0x082548bc <sws_scale+60>: test %esi,%esi
0x082548be <sws_scale+62>: jne 0x82549fd <sws_scale+381>
0x082548c4 <sws_scale+68>: test %dl,%dl
0x082548c6 <sws_scale+70>: je 0x82548d8 <sws_scale+88>
0x082548c8 <sws_scale+72>: cmpl $0x1,0x14(%ebp)
0x082548cc <sws_scale+76>: mov 0x8(%ebp),%edx
End of assembler dump.
(gdb) info all-registers
eax 0x0 0
ecx 0xbfc626e4 -1077532956
edx 0xbfc626e0 -1077532960
ebx 0x10 16
esp 0xbfc621c0 0xbfc621c0
ebp 0xbfc62638 0xbfc62638
esi 0x89e5bc0 144595904
edi 0x10a0 4256
eip 0x82548ad 0x82548ad <sws_scale+45>
eflags 0x10286 [ PF SF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
st0 -nan(0x848382817f7e7d7c) (raw 0xffff848382817f7e7d7c)
st1 -nan(0x84008300820081) (raw 0xffff0084008300820081)
st2 -nan(0x848382817f7e7d7c) (raw 0xffff848382817f7e7d7c)
st3 -nan(0x84008300820081) (raw 0xffff0084008300820081)
st4 -nan(0x80008000800080) (raw 0xffff0080008000800080)
st5 -nan(0x80008000800080) (raw 0xffff0080008000800080)
st6 -nan(0x80008000800080) (raw 0xffff0080008000800080)
st7 <invalid float value> (raw 0xffff0000000000000000)
fctrl 0x37f 895
fstat 0x120 288
ftag 0xffff 65535
fiseg 0x73 115
fioff 0x80e33ed 135148525
foseg 0x7b 123
fooff 0x89e5c00 144595968
fop 0x55c 1372
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
mm0 {uint64 = 0x848382817f7e7d7c, v2_int32 = {0x7f7e7d7c, 0x84838281}, v4_int16 = {0x7d7c, 0x7f7e, 0x8281, 0x8483}, v8_int8 = {0x7c, 0x7d, 0x7e, 0x7f, 0x81, 0x82, 0x83, 0x84}}
mm1 {uint64 = 0x84008300820081, v2_int32 = {0x820081, 0x840083}, v4_int16 = {0x81, 0x82, 0x83, 0x84}, v8_int8 = {0x81, 0x0, 0x82, 0x0, 0x83, 0x0, 0x84, 0x0}}
mm2 {uint64 = 0x848382817f7e7d7c, v2_int32 = {0x7f7e7d7c, 0x84838281}, v4_int16 = {0x7d7c, 0x7f7e, 0x8281, 0x8483}, v8_int8 = {0x7c, 0x7d, 0x7e, 0x7f, 0x81, 0x82, 0x83, 0x84}}
mm3 {uint64 = 0x84008300820081, v2_int32 = {0x820081, 0x840083}, v4_int16 = {0x81, 0x82, 0x83, 0x84}, v8_int8 = {0x81, 0x0, 0x82, 0x0, 0x83, 0x0, 0x84, 0x0}}
mm4 {uint64 = 0x80008000800080, v2_int32 = {0x800080, 0x800080}, v4_int16 = {0x80, 0x80, 0x80, 0x80}, v8_int8 = {0x80, 0x0, 0x80, 0x0, 0x80, 0x0, 0x80, 0x0}}
mm5 {uint64 = 0x80008000800080, v2_int32 = {0x800080, 0x800080}, v4_int16 = {0x80, 0x80, 0x80, 0x80}, v8_int8 = {0x80, 0x0, 0x80, 0x0, 0x80, 0x0, 0x80, 0x0}}
mm6 {uint64 = 0x80008000800080, v2_int32 = {0x800080, 0x800080}, v4_int16 = {0x80, 0x80, 0x80, 0x80}, v8_int8 = {0x80, 0x0, 0x80, 0x0, 0x80, 0x0, 0x80, 0x0}}
mm7 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}

This bug was found using the Zzuf fuzzer. It was found as part of the
SUPERB-TRUST 2008 project (see http://www.truststc.org/superb/) and the
metafuzz project (see http://metafuzz.com/, stack hash 3374317095).

Please let me know if I can provide more information.
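
As an added triage example (not code from this ticket or from the MPlayer project), the script below reads the gdb transcript above and classifies the fault: it finds the instruction at eip in the `disass` dump, resolves its AT&T memory operand against `info all-registers`, and decides whether the access is a read or a write and whether the address lies in the NULL page. For this report it resolves `mov 0x60(%eax),%edi` with eax=0 to a read at address 0x60, which matches the `c->sliceDir` access on the displayed source line 2484 with `c=0x0`: a NULL-pointer dereference, so a crash rather than a controllable write. The embedded transcript is a trimmed copy of the ticket's own gdb output; the 4 KiB page-size threshold is an assumption.

```python
import re

# Trimmed copy of the gdb transcript pasted in the ticket, embedded so the
# script runs offline. Only the frame line, the instructions around eip and
# the general-purpose registers are kept.
GDB_TRANSCRIPT = """\
Program received signal SIGSEGV, Segmentation fault.
0x082548ad in sws_scale (c=0x0, src=0xbfc626e0, srcStride=0x89d1160, srcSliceY=0, srcSliceH=16, dst=0xbfc62680, dstStride=0xbfc62674) at swscale.c:2484
(gdb) disass $pc-32 $pc+32
0x082548aa <sws_scale+42>: mov 0x8(%ebp),%eax
0x082548ad <sws_scale+45>: mov 0x60(%eax),%edi
0x082548b0 <sws_scale+48>: test %edi,%edi
(gdb) info all-registers
eax 0x0 0
ecx 0xbfc626e4 -1077532956
edx 0xbfc626e0 -1077532960
ebx 0x10 16
esp 0xbfc621c0 0xbfc621c0
ebp 0xbfc62638 0xbfc62638
esi 0x89e5bc0 144595904
edi 0x10a0 4256
eip 0x82548ad 0x82548ad <sws_scale+45>
"""

# Assumption: 4 KiB pages, so any address below this is in the never-mapped
# NULL page and the access is a plain NULL-pointer dereference.
NULL_PAGE_LIMIT = 0x1000

FRAME_RE = re.compile(r"^0x[0-9a-f]+ in (\w+) \((.*)\) at (\S+):(\d+)$", re.M)
REG_RE = re.compile(r"^(e[abcd]x|e[sd]i|e[bs]p|eip)\s+(0x[0-9a-f]+)", re.M)
INSN_RE = re.compile(r"^0x([0-9a-f]+)\s+<[^>]*>:\s+(\S+)\s*(.*)$", re.M)
# AT&T memory operand disp(base,index,scale); each part is optional.
MEM_RE = re.compile(r"^(-?0x[0-9a-f]+|-?\d+)?\((%\w+)?(?:,(%\w+))?(?:,(\d))?\)$")


def parse_registers(transcript):
    """Map register name -> value from the `info all-registers` lines."""
    return {name: int(value, 16) for name, value in REG_RE.findall(transcript)}


def frame_info(transcript):
    """Function, source location and parsed arguments of the faulting frame."""
    m = FRAME_RE.search(transcript)
    if m is None:
        raise ValueError("no frame line in transcript")
    args = {}
    for item in m.group(2).split(", "):
        name, _, value = item.partition("=")
        try:
            args[name] = int(value.split()[0], 0)  # drops previews such as `""`
        except ValueError:
            args[name] = value                     # non-integers kept verbatim
    return {"function": m.group(1), "file": m.group(3),
            "line": int(m.group(4)), "args": args}


def faulting_instruction(transcript, regs):
    """Mnemonic and operand string of the instruction at eip."""
    for addr, mnemonic, operands in INSN_RE.findall(transcript):
        if int(addr, 16) == regs["eip"]:
            return mnemonic, operands
    raise ValueError("eip not present in disassembly")


def split_operands(operands):
    """Split an AT&T operand list on commas that are outside parentheses."""
    parts, current, depth = [], "", 0
    for ch in operands:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(current.strip())
            current = ""
        else:
            current += ch
    if current.strip():
        parts.append(current.strip())
    return parts


def effective_address(operand, regs):
    """Resolve disp(base,index,scale) against the register snapshot; None for a
    register or immediate operand. Arithmetic wraps at 32 bits, so a
    displacement gdb prints as 0xffffffe4 behaves as -0x1c."""
    m = MEM_RE.match(operand)
    if m is None:
        return None
    disp, base, index, scale = m.groups()
    ea = int(disp, 0) if disp else 0
    if base:
        ea += regs[base[1:]]
    if index:
        ea += regs[index[1:]] * int(scale or 1)
    return ea & 0xFFFFFFFF


def triage(transcript):
    """Classify the fault: faulting instruction, read or write, address."""
    regs = parse_registers(transcript)
    mnemonic, operands = faulting_instruction(transcript, regs)
    parts = split_operands(operands)
    access, address = None, None
    for i, op in enumerate(parts):
        ea = effective_address(op, regs)
        if ea is not None:
            # AT&T order: the last operand is the destination, so a memory
            # operand there is written; anywhere else it is read.
            access = "write" if i == len(parts) - 1 else "read"
            address = ea
    if address is None:
        verdict = "no memory operand at eip: not a data access, inspect control flow"
    elif address < NULL_PAGE_LIMIT:
        verdict = (f"near-NULL {access} at 0x{address:x}: NULL pointer dereference, "
                   "a crash (DoS), not a controllable memory write")
    elif access == "write":
        verdict = "write to a wild address: check attacker control of pointer and value"
    else:
        verdict = "read from a wild address: needs further analysis"
    return {"frame": frame_info(transcript), "eip": regs["eip"],
            "insn": f"{mnemonic} {operands}".strip(),
            "access": access, "address": address, "verdict": verdict}


if __name__ == "__main__":
    result = triage(GDB_TRANSCRIPT)
    print(f"{result['frame']['function']} at {result['frame']['file']}:{result['frame']['line']}")
    print(f"eip=0x{result['eip']:x}  {result['insn']}  ->  {result['verdict']}")
```

The same parsing works on any 32-bit x86 gdb session as long as the `disass` window contains the instruction at eip; with a register snapshot where the base register is not zero, the verdict switches to the wild-address branches and the crash deserves a closer look.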

Change History (1)

comment:1 Changed 9 years ago by compn

  • Owner changed from r_togni@… to reimar